What is Heartbleed and How Does it Affect Me?

What is Heartbleed and How Does it Affect Me?

Heartbleed is a security bug in the OpenSSL cryptography library. This bug allows a webserver to reply to a malformed heartbeat request with up to 64 kilobytes of data stored in memory on the webserver. The potential is that this data might contain critical security data like a server’s SSL private keys, providing a hacker with complete access to information on a web server.

Internet companies are concerned that this vulnerability has existed in some form since December 31, 2011 and that the code with this vulnerability is widely used on web servers everywhere. This poses a serious threat to any company conducting business over the Internet as either they or those they do businesses with may be affected by this security bug.

We at StorageCraft make every effort to maintain the highest degree of integrity and security with all of our products, which is why we are informing our customers who use the StorageCraft ShadowControl webserver of an automatic security update which will be applied to their appliance the next time that it is rebooted. To activate this automatic security update simply restart your ShadowControl appliance (see screenshot below).

Because of the nature of this security bug, StorageCraft recommends as a best practice that customers replace the certificates on all production ShadowControl appliances. For information on replacing SSL certificates on the ShadowControl appliance, please visit the ShadowControl User Guide – Security Section .

Recovery Zone Subscription

Related articles:

About the Recovery Zone

This online digest is dedicated to exploring BDR solutions and technology relevant to MSPs, VARs, and IT professionals.

The Recovery Zone is brought to you by StorageCraft, a company that has been producing software solutions for backup, disaster recovery, system migration, virtualization, and data protection for servers, desktops, and laptops since 2003.